 |
|
|
|
| Overview |
|
|
|
| SimpleIoTDecoy is an easy to deploy, software based device simulator that acts as an intelligent honeypot to detect intrusions, while deceptively appearing just like any other device on your network. |
|
| SimpleIoTDecoy supports many of the common IoT and network management protocols like MQTT, CoAP, Modbus, BACnet, HTTP/s, SNMP, Telnet, SSH, IPMI, TL1, Netconf and even LoRa. The Decoy can "learn" from existing devices to duplicate them and then run inside your intranet on computers/VMs using unused IPs to create a mixture of real and decoy devices. |
|
| SimpleIoTDecoy, using patented technology, will then simply listen for incoming requests and respond to them appropriately based on the learnt data and log the interaction. It will also flag intrusions when it receives requests from unknown entities or receives requests that are different from ones it has received before from known entities. White lists of known entities and requests get automatically populated by accepting requests during a specified interval or created manually. Request fingerprinting is used to distinguish between similar requests sent from known entities that have been compromised. |
|
| Both IPv4 and IPv6 protocols are supported and SimpleIoTDecoy can run on physical as well as virtual machines. |
|
| |
|
| Benefits |
|
|
| The SimpleIoTDecoy adds one more security tool to an IT department's arsenal for intrusion detection within the intranet. When hackers infiltrate the intranet, they typically scan the network to discover the devices connected to it. |
|
| SimpleIoTDecoy device will show up alongside real devices in the scan and appear just as real. The Decoy will respond back to queries like a real device keeping the intruder engaged, while silently keeping a log of the requests made and raising an alarm to identify compromized servers used to send the requests. |
|
| The logs can be used to run forensics to analyze the mode of operation of the intruders without putting real resources at risk. Intrusion alerts can be forwarded to the main NMS in the form of SNMP traps and syslog messages. The logs can also be used to train machine learning algorithms for future intrusion detection. |
| |
|
| Operation |
|
|
| Only a few simple steps are required to start using the SimpleIoTDecoy. They are: |
- Use the built-in learner utilities to record packet exchanges from real devices.
- Use this learnt data as a template to create decoys and assign them unused IPs on your intranet.
- Wait for SimpleIoTDecoy to detect intrusions and send alerts. Examine logs to run forensics.
|
|
| Availability |
|
| Please email sales@simplesoft.com for limited trials. |
| |
|
| System Requirements |
|
| |
